[people/pmueller/ipfire-2.x.git] / src / misc-progs / sshctrl.c

/* SmoothWall helper program - sshctrl
 *
 * This program is distributed under the terms of the GNU General Public
 * Licence.  See the file COPYING for details.
 *
 * (c) Mark Wormgoor, 2001
 * Simple program intended to be installed setuid(0) that can be used for
 * restarting SSHd. 
 * 
 * $Id: sshctrl.c,v 1.3 2003/12/11 10:57:34 riddles Exp $
 * 
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <fcntl.h>
#include <signal.h>
#include <errno.h>
#include "libsmooth.h"
#include "setuid.h"

#define BUFFER_SIZE 1024

char command[BUFFER_SIZE]; 

int main(int argc, char *argv[])
{
	if (argc < 2) {
				int fd, config_fd, rc, pid;
				char buffer[STRING_SIZE], command[STRING_SIZE] = "/bin/sed -e '";
				struct keyvalue *kv = NULL;

				if (!(initsetuid()))
						exit(1);

				kv = initkeyvalues();
				if (!readkeyvalues(kv, CONFIG_ROOT "/remote/settings")){
						fprintf(stderr, "Cannot read remote access settings\n");
						exit(1);
				}

				/* By using O_CREAT with O_EXCL open() will fail if the file already exists,
				* this prevents 2 copies of sshctrl both trying to edit the config file
				* at once. It also prevents race conditions, but these shouldn't be
				* possible as /etc/ssh/ should only be writable by root anyhow
				*/

				if ((config_fd = open( "/etc/ssh/sshd_config.new", O_WRONLY|O_CREAT|O_EXCL, 0644 )) == -1 ){
						perror("Unable to open new config file");
						freekeyvalues(kv);
						exit(1);
				}

				if(findkey(kv, "ENABLE_SSH_PROTOCOL1", buffer) && !strcmp(buffer,"on"))
						strlcat(command, "s/^Protocol .*$/Protocol 2,1/;", STRING_SIZE - 1 );
				else
						strlcat(command, "s/^Protocol .*$/Protocol 2/;", STRING_SIZE - 1 );

				if(findkey(kv, "ENABLE_SSH_KEYS", buffer) && !strcmp(buffer,"off"))
						strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication no/;"		"s/^PubkeyAuthentication .*$/PubkeyAuthentication no/;", STRING_SIZE - 1 );
				else
						strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication yes/;"		"s/^PubkeyAuthentication .*$/PubkeyAuthentication yes/;", STRING_SIZE - 1 );

				if(findkey(kv, "ENABLE_SSH_PASSWORDS", buffer) && !strcmp(buffer,"off"))
						strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication no/;", STRING_SIZE - 1 );
				else
						strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication yes/;", STRING_SIZE - 1 );

				if(findkey(kv, "ENABLE_SSH_PORTFW", buffer) && !strcmp(buffer,"on"))
						strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding yes/", STRING_SIZE - 1 );
				else
						strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding no/", STRING_SIZE - 1 );

				freekeyvalues(kv);

				snprintf(buffer, STRING_SIZE - 1, "' /etc/ssh/sshd_config >&%d", config_fd );
				strlcat(command, buffer, STRING_SIZE - 1);

				if((rc = unpriv_system(command,99,99)) != 0){
						fprintf(stderr, "sed returned bad exit code: %d\n", rc);
						close(config_fd);
						unlink("/etc/ssh/sshd_config.new");
						exit(1);
				}

				close(config_fd);
				if (rename("/etc/ssh/sshd_config.new","/etc/ssh/sshd_config") != 0){
						perror("Unable to replace old config file");
						unlink("/etc/ssh/sshd_config.new");
						exit(1);
				}

				memset(buffer, 0, STRING_SIZE);

				if ((fd = open("/var/run/sshd.pid", O_RDONLY)) != -1){
						if (read(fd, buffer, STRING_SIZE - 1) == -1)
								fprintf(stderr, "Couldn't read from pid file\n");
						else{
								pid = atoi(buffer);
								if (pid <= 1)
										fprintf(stderr, "Bad pid value\n");
								else{
										if (kill(pid, SIGTERM) == -1)
												fprintf(stderr, "Unable to send SIGTERM\n");
										else
												unlink("/var/run/sshd.pid");
										}
								}
						close(fd);
				}
				else{
						if (errno != ENOENT){
								perror("Unable to open pid file");
								exit(1);
						}
				}

				if ((fd = open(CONFIG_ROOT "/remote/enablessh", O_RDONLY)) != -1){
						close(fd);
						safe_system("/usr/sbin/sshd");
				}

				return 0;
	}
	else if (strcmp(argv[1], "tempstart") == 0) {
				safe_system("/usr/local/bin/sshctrl");
				sleep(5);
				unlink("/var/ipfire/remote/enablessh");
				safe_system("cat /var/ipfire/remote/settings | sed 's/ENABLE_SSH=on/ENABLE_SSH=off/' > /var/ipfire/remote/settings2 && mv /var/ipfire/remote/settings2 /var/ipfire/remote/settings");
        safe_system("chown nobody.nobody /var/ipfire/remote/settings");
				snprintf(command, BUFFER_SIZE-1, "sleep %s && /usr/local/bin/sshctrl &", argv[2]);
				safe_system(command);
	}
}
Commit	Line	Data
900832fa	1	/* SmoothWall helper program - sshctrl
70db8683 CS	2	*
	3	* This program is distributed under the terms of the GNU General Public
	4	* Licence. See the file COPYING for details.
	5	*
	6	* (c) Mark Wormgoor, 2001
	7	* Simple program intended to be installed setuid(0) that can be used for
	8	* restarting SSHd.
	9	*
900832fa	10	* $Id: sshctrl.c,v 1.3 2003/12/11 10:57:34 riddles Exp $
70db8683 CS	11	*
	12	*/
	13
	14	#include <stdio.h>
	15	#include <stdlib.h>
	16	#include <unistd.h>
	17	#include <string.h>
	18	#include <sys/types.h>
	19	#include <fcntl.h>
	20	#include <signal.h>
	21	#include <errno.h>
	22	#include "libsmooth.h"
	23	#include "setuid.h"
	24
ca4c317c CS	25	#define BUFFER_SIZE 1024
	26
	27	char command[BUFFER_SIZE];
	28
70db8683 CS	29	int main(int argc, char *argv[])
70db8683 CS	30	{
ca4c317c CS	31	if (argc < 2) {
	32	int fd, config_fd, rc, pid;
	33	char buffer[STRING_SIZE], command[STRING_SIZE] = "/bin/sed -e '";
	34	struct keyvalue *kv = NULL;
	35
	36	if (!(initsetuid()))
	37	exit(1);
	38
	39	kv = initkeyvalues();
	40	if (!readkeyvalues(kv, CONFIG_ROOT "/remote/settings")){
	41	fprintf(stderr, "Cannot read remote access settings\n");
	42	exit(1);
	43	}
	44
	45	/* By using O_CREAT with O_EXCL open() will fail if the file already exists,
	46	* this prevents 2 copies of sshctrl both trying to edit the config file
	47	* at once. It also prevents race conditions, but these shouldn't be
	48	* possible as /etc/ssh/ should only be writable by root anyhow
	49	*/
	50
	51	if ((config_fd = open( "/etc/ssh/sshd_config.new", O_WRONLY\|O_CREAT\|O_EXCL, 0644 )) == -1 ){
	52	perror("Unable to open new config file");
	53	freekeyvalues(kv);
	54	exit(1);
	55	}
	56
	57	if(findkey(kv, "ENABLE_SSH_PROTOCOL1", buffer) && !strcmp(buffer,"on"))
	58	strlcat(command, "s/^Protocol .*$/Protocol 2,1/;", STRING_SIZE - 1 );
	59	else
	60	strlcat(command, "s/^Protocol .*$/Protocol 2/;", STRING_SIZE - 1 );
70db8683	61
ca4c317c CS	62	if(findkey(kv, "ENABLE_SSH_KEYS", buffer) && !strcmp(buffer,"off"))
	63	strlcat(command, "s/^RSAAuthentication .$/RSAAuthentication no/;" "s/^PubkeyAuthentication .$/PubkeyAuthentication no/;", STRING_SIZE - 1 );
	64	else
	65	strlcat(command, "s/^RSAAuthentication .$/RSAAuthentication yes/;" "s/^PubkeyAuthentication .$/PubkeyAuthentication yes/;", STRING_SIZE - 1 );
70db8683	66
ca4c317c CS	67	if(findkey(kv, "ENABLE_SSH_PASSWORDS", buffer) && !strcmp(buffer,"off"))
	68	strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication no/;", STRING_SIZE - 1 );
	69	else
	70	strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication yes/;", STRING_SIZE - 1 );
70db8683	71
ca4c317c CS	72	if(findkey(kv, "ENABLE_SSH_PORTFW", buffer) && !strcmp(buffer,"on"))
ca4c317c CS	73	strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding yes/", STRING_SIZE - 1 );
70db8683	74	else
ca4c317c CS	75	strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding no/", STRING_SIZE - 1 );
	76
	77	freekeyvalues(kv);
	78
	79	snprintf(buffer, STRING_SIZE - 1, "' /etc/ssh/sshd_config >&%d", config_fd );
	80	strlcat(command, buffer, STRING_SIZE - 1);
	81
	82	if((rc = unpriv_system(command,99,99)) != 0){
	83	fprintf(stderr, "sed returned bad exit code: %d\n", rc);
	84	close(config_fd);
	85	unlink("/etc/ssh/sshd_config.new");
	86	exit(1);
	87	}
	88
	89	close(config_fd);
	90	if (rename("/etc/ssh/sshd_config.new","/etc/ssh/sshd_config") != 0){
	91	perror("Unable to replace old config file");
	92	unlink("/etc/ssh/sshd_config.new");
	93	exit(1);
	94	}
	95
	96	memset(buffer, 0, STRING_SIZE);
	97
	98	if ((fd = open("/var/run/sshd.pid", O_RDONLY)) != -1){
	99	if (read(fd, buffer, STRING_SIZE - 1) == -1)
	100	fprintf(stderr, "Couldn't read from pid file\n");
	101	else{
	102	pid = atoi(buffer);
	103	if (pid <= 1)
	104	fprintf(stderr, "Bad pid value\n");
	105	else{
	106	if (kill(pid, SIGTERM) == -1)
	107	fprintf(stderr, "Unable to send SIGTERM\n");
	108	else
	109	unlink("/var/run/sshd.pid");
	110	}
	111	}
	112	close(fd);
	113	}
	114	else{
	115	if (errno != ENOENT){
	116	perror("Unable to open pid file");
	117	exit(1);
	118	}
	119	}
	120
	121	if ((fd = open(CONFIG_ROOT "/remote/enablessh", O_RDONLY)) != -1){
	122	close(fd);
	123	safe_system("/usr/sbin/sshd");
	124	}
	125
	126	return 0;
70db8683	127	}
ca4c317c CS	128	else if (strcmp(argv[1], "tempstart") == 0) {
	129	safe_system("/usr/local/bin/sshctrl");
	130	sleep(5);
	131	unlink("/var/ipfire/remote/enablessh");
	132	safe_system("cat /var/ipfire/remote/settings \| sed 's/ENABLE_SSH=on/ENABLE_SSH=off/' > /var/ipfire/remote/settings2 && mv /var/ipfire/remote/settings2 /var/ipfire/remote/settings");
113cd628	133	safe_system("chown nobody.nobody /var/ipfire/remote/settings");
ca4c317c CS	134	snprintf(command, BUFFER_SIZE-1, "sleep %s && /usr/local/bin/sshctrl &", argv[2]);
ca4c317c CS	135	safe_system(command);
70db8683	136	}
70db8683	137	}